CVE-2025-58029: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-58029) was discovered in Sumit Singh's Classic Widgets with Block-based Widgets plugin affecting versions through 1.0.1. The vulnerability was reported on July 30, 2025, and publicly disclosed on September 22, 2025. This security issue allows unauthorized access to functionality not properly constrained by Access Control Lists (ACLs) (NVD, Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that it can be exploited over the network, requires low attack complexity, needs no privileges, and requires no user interaction (NVD, Patchstack).

The vulnerability has a low severity impact on affected systems. It primarily affects the integrity of the system with limited potential for unauthorized modifications, while confidentiality and availability remain unaffected according to the CVSS metrics (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue affects versions through 1.0.1 of the Classic Widgets with Block-based Widgets plugin (Patchstack).